Hacktivist expose an information security truth.

The Panamanian legal firm Mossack Fonseca’s leak exposes a systemic security lapse. In revealing the obscenely wealthy businessmen and heads of states that used the firm to avoid taxes, the Panama Papers brings security awareness to the forefront. By releasing 2.6 terabytes of data, it highlights damage caused by a longstanding security void.

The staggering quantity smashes Edward Snowden’s record by 1,500 times. The amount divulged shows a complete absence of access management controls. The data included 11.5 million confidential documents, 4.8 million emails, three million database records, and 2.1 million PDF files. Next month, hacktivist plan to release the complete list of Mossack Fonseca’s clients. Their promise adds insult on top of the embarrassment and credibility loss. The leak magnifies the law firms’ unpreparedness even while representing the extremely wealthy.

Panama Papers Security Breach One Email Server

The BBC News reports for forty years Mossack Fonseca helped clients launder money and avoid taxes. The incident should trigger far-reaching changes to contain lawless firms and their customers. The monumental amount of data accentuates the importance of protecting customer data. Without access management controls, organizations are limited in preventing and remediating attacks. In this case, just one email server spilled all of the firm’s covert money laundering schemes.

What’s different about the largest cyber breach ever? Chelsea Manning and Edward Snowden’s WikiLeaks were ‘insider jobs’. The Panama Papers almost certainly resulted from external hacktivists.

Access Management Information Security Controls

Access management controls help prevent unauthorized collection, use, and distribution of information. It restricts and enforces access management governance and SoD policies. Access management provides an audit record and streamlines security reviews. It can remove access privileges automatically and in real time. Core Identity and Access Management security controls include the following capabilities:

Access Management: Notify managers, approvers, users and administrators in real-time of suspicious activity. Log access to systems, enterprise applications, and cloud services. Assert control over users and their requests based on rules and policies you configure.

Group Management: Automate group membership access to applications and email distribution based on business rules and security policies. Continuously, monitor group integrity, detect potential security exceptions as they happen and send notifications.

Leadership and Information Security Controls

Ignorance of the law and ethics are inexcusable defenses. Ignorance of information security applies also. With billion-dollar money laundering enabling the wealthiest to hide graft and corruption, the Panama Papers reinforces the need for leadership accountability and information security controls. When heads of state and a nation’s wealthiest individuals circumvent laws to avoid taxes, they deny citizens of human services, modern transportation, quality schools, and a whole lot more.

All citizens are accountable for obeying tax laws. This money hopefully gets invested into the communities and countries where we live and work. For starters, it goes to national defense, health care, income security, debt, veterans, education, and law enforcement. When heads of state and a nation’s wealthiest individuals refuse to contribute, talented people with a cause will find a way to expose the truth. For every citizen, the best way to prevent a security breach of this magnitude is quite simple. Never engage in money laundering in the first place.

Get a Free Copy of the Top 10 Access Management Best Practices Workbook

Begin your identity and access management initiative by following expert recommends for business process workflow automation, self-service administration and IT security. Start now with the most cost effective information security controls available to enterprises, government agencies, and universities.